Java7 Update #17? I'm too exhausted to upload again
When will Oracle get it right?
Oracle has issued a rare emergency patch to address two vulnerabilities in the Java plugin for web browsers that the company says are being actively exploited. "Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 'in the wild,' Oracle strongly recommends that customers apply the updates …
I think I saw this link posted on Slashdot
http://java.com/en/download/faq/java_6.xml
"After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. All Java 6 releases up to and including 6u43 will be moved to the Java Archive on the Oracle Technology Network, where they will remain available but not receive updates."
Would be nice if El Reg could get some confirmation.
Yeah, they may have INTENDED to not release updates after Feb 2013, but I think the negative feedback they'd get for not fixing the security [insert salty sailor language here] they've had would pretty much kill any hopes they have of converting the Java 6 developer community to Java 7.
I feel like maybe Oracle should publish an ultra minimal subset of Java, redesigned from scratch, focusing on solid design, and progressively build up and out until it catches up with the current feature set, while allowing the current, unstable branch to grow feature-wise, so the language doesn't TOTALLY die out in the interim.
I remember when Java was originally launched (around the time of lots of ActiveX exploits) and much was made of its (Java's) super-duper sandbox security model that would keep us safe forever.
How did that work out then?
1. Install new update after it bugs me incessantly for several days in a row.
2. Tell it that I do not want the farking Ask.com toolbar for the 17th time.
3. Re-disable the plugin in my browser, again for the 17th time.
If I didn't need Eclipse and the Android SDK, this piece of trash would be banned from my systems. :P
It's that big as they pad it out with API documentation that is available elsewhere.
> something has gone completely awry.
Eh, because it has such a wide-ranging API something has gone awry? Personally I would have thought that is one of the reasons it is such a common choice of language.
It's a bit like the horsemeat scandal: all those APIs that are the reason it's a common choice of language represent programmers who are prepared to trust that some complete stranger "upstream" has done their job correctly and their code can simply be called without fuss.
In fact, just as it turned out that our "from the shelf to the field" food tracking system of trust was bogus, the API chain often (in any language) turns out to be full of holes, patches, and just plain bad programming. Oracle's struggle to fix this is exactly analogous to what happened in the wake of the first revelations about the horsemeat - someone went to fix what they thought was an isolated problem and discovered the rotting systemic mess behind that outbreak.
I'm not saying this is a specifically Java problem - if anything it's an inherent problem in the culture of Object Oriented Programming: the idea that you can have "shrink-wrapped" components from vendors you can trust (I know the concept also appears in pre-/non-OOP systems too). But at the end of the day, why do you actually think you can trust someone else's code? I can barely trust my own, to be honest.
That 3" thick Nutshell book represents 3" of APIs that someone is asking you to take on trust. Is that a good idea, regardless of how common it is that programmers do in fact accept it?
So Java is rubbish because the browser plugin has the odd vulnerability or two (which could in fact be due to integration with the browser rather than anything fundamental to Java itself). Chrome and Firefox seem to get patched every five minutes and no one bats an eyelid. Known M$ vulnerabilities can hang around for months before they get fixed.
Anyone would think that someone has got it in for Java. Maybe it's Oracle that is spreading all this FUD and hatred?
Personally, I love Java and hate Oracle. I don't want the Ask toolbar, and it would be nice if the documentation didn't have lots of broken links to the Sun websites, or pointless links to top-level pages. However, I think the language is great, and is still a brilliant way to produce functional cross-platform applications (client or server) using a proper strongly-typed OO language.
...has versions numbered 10.2.5471.2.15.26 (or whatever), you just KNOW there is some inherent problem.
I remember when having to provide support for Oracle apps, it was ESSENTIAL to get EXACTLY the right version of Oracle (which was always a PAIN to install), because there seemed to be no onwards/backwards compatibility with Oracle and, of course, no "Oracle Update" as per Windows.
If we ever got a new Oracle application to support, we knew support costs were going to be MUCH higher than comparable non-Oracle apps.
So I guess it's no big deal that most of the popular browsers have had recent critical security exploits:
http://www.theregister.co.uk/2013/03/05/google_chrome_pre_pwn2own_update/
or that Windows is still riddled with security exploits
http://mobile.theverge.com/2013/2/13/3983846/googlers-found-over-50-percent-of-the-bugs-in-microsofts-massive-update
It is my opinion that Java/JavaFX kicks HTML5's butt when it comes to performance, capability and maintainability:
http://download.oracle.com/otndocs/products/javafx/2.2/samples/Ensemble/index.html
http://jfxtras.org/resources/java/Ensemble.jnlp
http://goworldwind.org/demos/
(Of course, many of you won't be able to see these demos since you have been manipulated into disabling Java.)
The truth is that any software that is exposed to the network may have a critical security vulnerability. Every time that software is touched, another vulnerability may be exposed. (Remember how a simple buffer overrun exploit was used in the Unix "finger" program to bring down the internet in the '80s?)
At least Java was designed for security from the beginning and has more of a chance of being secure than most other networked applications. Java 7 was a big change from Java 6 and will have some short-term hiccups. The nice thing about Java is that it is open source, so the vulnerabilities will be discovered quickly as thousands of hackers, developers and security firms probe through the source code. (i.e. Java doesn't rely on security through obscurity.)